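def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None):
    """Return an ExtendedRuleTable of the rules that fired most on a probe.

    Renders ALERT_ID_QUERY for ``hostname``/``count``/``from_date``, POSTs it
    to the Elasticsearch endpoint chosen by ``get_es_url(from_date)``, resolves
    each returned signature id to a ``Rule`` (annotated with ``rule.hits``)
    and wraps the result in a table configured for ``request``.

    Args:
        request: Django request handed to ``tables.RequestConfig``.
        hostname: appliance hostname substituted into the query template.
        count: number of signatures to ask Elasticsearch for.
        from_date: lower time bound; also selects the index via get_es_url.
        qfilter: optional user-supplied filter appended to the query with
            ``" AND "``.  Treated as untrusted text and escaped.

    Returns:
        An ExtendedRuleTable -- empty when the response has no usable
        buckets -- or ``None`` when the HTTP request itself fails.
    """
    templ = Template(ALERT_ID_QUERY)
    context = Context({
        'appliance_hostname': hostname,
        'alerts_number': count,
        'from_date': from_date,
    })
    if qfilter is not None:
        # The filter is spliced into a quoted string inside the query, so the
        # escape character must be escaped before the quote: escaping only '"'
        # (the previous behaviour) lets a backslash in qfilter neutralise the
        # escaped quote and break out of the string.
        # NOTE(review): ALERT_ID_QUERY is not visible here; this assumes a
        # backslash-escaped quoted context, which the existing '"' escaping implies.
        escaped = qfilter.replace('\\', '\\\\').replace('"', '\\"')
        context['query_filter'] = " AND " + escaped
    data = templ.render(context)
    es_url = get_es_url(from_date)
    req = urllib2.Request(es_url, data)
    try:
        out = urllib2.urlopen(req)
    except Exception:  # URLError/HTTPError/socket errors: callers expect None
        return None
    try:
        raw = out.read()
    finally:
        out.close()
    # returned data is JSON
    data = json.loads(raw)
    # A missing setting is a deployment error; let it raise loudly here
    # instead of being masked by the bucket lookup below.
    es2 = settings.ELASTICSEARCH_2X
    # Locate the per-signature buckets; any unexpected shape (error object,
    # null body, old/new layout mismatch) yields an empty table.
    try:
        if es2:
            buckets = data['aggregations']['alert']['buckets']
        else:
            buckets = data['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = None
    rules = []
    for elt in buckets or []:
        sid = None  # bound before the try so the error message can use it
        try:
            sid = elt['key'] if es2 else elt['term']
            rule = Rule.objects.get(sid=sid)
        except Exception:  # Rule.DoesNotExist, malformed bucket, ...
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt['doc_count'] if es2 else elt['count']
        rules.append(rule)
    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table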
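def es_get_rules_stats(request, hostname, count=20, from_date=0):
    """Return an ExtendedRuleTable of the rules that fired most on a probe.

    Renders ALERT_ID_QUERY for ``hostname``/``count``/``from_date``, POSTs it
    to the module-level ``URL``, resolves each returned signature id to a
    ``Rule`` (annotated with ``rule.hits``) and wraps the result in a table
    configured for ``request``.

    Args:
        request: Django request handed to ``tables.RequestConfig``.
        hostname: appliance hostname substituted into the query template.
        count: number of signatures to ask Elasticsearch for.
        from_date: lower time bound passed to the template.

    Returns:
        An ExtendedRuleTable, or ``None`` when the request fails, the
        response lacks ``facets.table.terms`` or that value is null.
    """
    templ = Template(ALERT_ID_QUERY)
    context = Context({
        'appliance_hostname': hostname,
        'alerts_number': count,
        'from_date': from_date,
    })
    data = templ.render(context)
    req = urllib2.Request(URL, data)
    try:
        out = urllib2.urlopen(req)
    except Exception:  # URLError/HTTPError/socket errors: callers expect None
        return None
    try:
        raw = out.read()
    finally:
        out.close()
    # returned data is JSON
    data = json.loads(raw)
    # Locate the per-signature terms; an unexpected shape means no stats.
    try:
        terms = data['facets']['table']['terms']
    except (KeyError, TypeError):
        return None
    if terms is None:
        return None
    rules = []
    for elt in terms:
        sid = None  # bound before the try so the error message can use it
        try:
            sid = elt['term']
            rule = Rule.objects.get(sid=sid)
        except Exception:  # Rule.DoesNotExist, malformed term entry, ...
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt['count']
        rules.append(rule)
    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table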
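def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None):
    """Return an ExtendedRuleTable of the rules that fired most on a probe.

    Renders TOP_QUERY over the ``alert.signature_id`` field for
    ``hostname``/``count``/``from_date``, POSTs it to the Elasticsearch
    endpoint chosen by ``get_es_url(from_date)``, resolves each returned
    signature id to a ``Rule`` (annotated with ``rule.hits``) and wraps the
    result in a table configured for ``request``.

    Args:
        request: Django request handed to ``tables.RequestConfig``.
        hostname: appliance hostname substituted into the query template.
        count: number of signatures to ask Elasticsearch for.
        from_date: lower time bound; also selects the index via get_es_url.
        qfilter: optional user-supplied filter appended to the query with
            ``" AND "``.  Treated as untrusted text and escaped.

    Returns:
        An ExtendedRuleTable -- empty when the response has no usable
        buckets -- or ``None`` when the HTTP request itself fails.
    """
    templ = Template(TOP_QUERY)
    context = Context({
        'appliance_hostname': hostname,
        'count': count,
        'from_date': from_date,
        'field': 'alert.signature_id'
    })
    if qfilter is not None:
        # The filter is spliced into a quoted string inside the query, so the
        # escape character must be escaped before the quote: escaping only '"'
        # (the previous behaviour) lets a backslash in qfilter neutralise the
        # escaped quote and break out of the string.
        # NOTE(review): TOP_QUERY is not visible here; this assumes a
        # backslash-escaped quoted context, which the existing '"' escaping implies.
        escaped = qfilter.replace('\\', '\\\\').replace('"', '\\"')
        context['query_filter'] = " AND " + escaped
    data = templ.render(context)
    es_url = get_es_url(from_date)
    req = urllib2.Request(es_url, data)
    try:
        out = urllib2.urlopen(req)
    except Exception:  # URLError/HTTPError/socket errors: callers expect None
        return None
    try:
        raw = out.read()
    finally:
        out.close()
    # returned data is JSON
    data = json.loads(raw)
    # A missing setting is a deployment error; let it raise loudly here
    # instead of being masked by the bucket lookup below.
    es2 = settings.ELASTICSEARCH_2X
    # Locate the per-signature buckets; any unexpected shape (error object,
    # null body, old/new layout mismatch) yields an empty table.
    try:
        if es2:
            buckets = data['aggregations']['table']['buckets']
        else:
            buckets = data['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = None
    rules = []
    for elt in buckets or []:
        sid = None  # bound before the try so the error message can use it
        try:
            sid = elt['key'] if es2 else elt['term']
            rule = Rule.objects.get(sid=sid)
        except Exception:  # Rule.DoesNotExist, malformed bucket, ...
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt['doc_count'] if es2 else elt['count']
        rules.append(rule)
    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table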
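def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None):
    """Return an ExtendedRuleTable of the rules that fired most on a probe.

    Renders TOP_QUERY over the ``alert.signature_id`` field via
    ``render_template`` (which is also handed ``qfilter``), POSTs it as JSON
    to the Elasticsearch endpoint chosen by ``get_es_url(from_date)`` with a
    ``TIMEOUT``, resolves each returned signature id to a ``Rule`` (annotated
    with ``rule.hits``) and wraps the result in a table configured for
    ``request``.

    Args:
        request: Django request handed to ``tables.RequestConfig``.
        hostname: appliance hostname substituted into the query template.
        count: number of signatures to ask Elasticsearch for.
        from_date: lower time bound; also selects the index via get_es_url.
        qfilter: optional extra filter forwarded to ``render_template``
            (escaping of user input is that helper's responsibility).

    Returns:
        An ExtendedRuleTable -- empty when the response has no usable
        buckets -- or ``None`` when the HTTP request fails or times out.
    """
    data = render_template(TOP_QUERY, {
        'appliance_hostname': hostname,
        'count': count,
        'from_date': from_date,
        'field': 'alert.signature_id'
    }, qfilter=qfilter)
    es_url = get_es_url(from_date)
    headers = {'content-type': 'application/json'}
    req = urllib2.Request(es_url, data, headers=headers)
    try:
        out = urllib2.urlopen(req, timeout=TIMEOUT)
    except Exception:  # URLError/HTTPError/socket timeout: callers expect None
        return None
    try:
        raw = out.read()
    finally:
        out.close()
    # returned data is JSON
    data = json.loads(raw)
    # A missing setting is a deployment error; let it raise loudly here
    # instead of being masked by the bucket lookup below.
    es2 = settings.ELASTICSEARCH_VERSION >= 2
    # Locate the per-signature buckets; any unexpected shape (error object,
    # null body, old/new layout mismatch) yields an empty table.
    try:
        if es2:
            buckets = data['aggregations']['table']['buckets']
        else:
            buckets = data['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = None
    rules = []
    for elt in buckets or []:
        sid = None  # bound before the try so the error message can use it
        try:
            sid = elt['key'] if es2 else elt['term']
            rule = Rule.objects.get(sid=sid)
        except Exception:  # Rule.DoesNotExist, malformed bucket, ...
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt['doc_count'] if es2 else elt['count']
        rules.append(rule)
    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table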